3 namespace Drupal\block;
5 use Drupal\Component\Plugin\Exception\ContextException;
6 use Drupal\Component\Plugin\Exception\MissingValueContextException;
7 use Drupal\Core\Access\AccessResult;
8 use Drupal\Core\Cache\Cache;
9 use Drupal\Core\Cache\CacheableDependencyInterface;
10 use Drupal\Core\Condition\ConditionAccessResolverTrait;
11 use Drupal\Core\Entity\EntityAccessControlHandler;
12 use Drupal\Core\Entity\EntityHandlerInterface;
13 use Drupal\Core\Entity\EntityInterface;
14 use Drupal\Core\Entity\EntityTypeInterface;
15 use Drupal\Core\Plugin\Context\ContextHandlerInterface;
16 use Drupal\Core\Plugin\Context\ContextRepositoryInterface;
17 use Drupal\Core\Plugin\ContextAwarePluginInterface;
18 use Drupal\Core\Session\AccountInterface;
19 use Symfony\Component\DependencyInjection\ContainerInterface;
22 * Defines the access control handler for the block entity type.
24 * @see \Drupal\block\Entity\Block
26 class BlockAccessControlHandler extends EntityAccessControlHandler implements EntityHandlerInterface {
28 use ConditionAccessResolverTrait;
31 * The plugin context handler.
33 * @var \Drupal\Core\Plugin\Context\ContextHandlerInterface
35 protected $contextHandler;
38 * The context manager service.
40 * @var \Drupal\Core\Plugin\Context\ContextRepositoryInterface
42 protected $contextRepository;
47 public static function createInstance(ContainerInterface $container, EntityTypeInterface $entity_type) {
50 $container->get('context.handler'),
51 $container->get('context.repository')
56 * Constructs the block access control handler instance
58 * @param \Drupal\Core\Entity\EntityTypeInterface $entity_type
59 * The entity type definition.
60 * @param \Drupal\Core\Plugin\Context\ContextHandlerInterface $context_handler
61 * The ContextHandler for applying contexts to conditions properly.
62 * @param \Drupal\Core\Plugin\Context\ContextRepositoryInterface $context_repository
63 * The lazy context repository service.
65 public function __construct(EntityTypeInterface $entity_type, ContextHandlerInterface $context_handler, ContextRepositoryInterface $context_repository) {
66 parent::__construct($entity_type);
67 $this->contextHandler = $context_handler;
68 $this->contextRepository = $context_repository;
74 protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
75 /** @var \Drupal\block\BlockInterface $entity */
76 if ($operation != 'view') {
77 return parent::checkAccess($entity, $operation, $account);
80 // Don't grant access to disabled blocks.
81 if (!$entity->status()) {
82 return AccessResult::forbidden()->addCacheableDependency($entity);
86 $missing_context = FALSE;
87 $missing_value = FALSE;
88 foreach ($entity->getVisibilityConditions() as $condition_id => $condition) {
89 if ($condition instanceof ContextAwarePluginInterface) {
91 $contexts = $this->contextRepository->getRuntimeContexts(array_values($condition->getContextMapping()));
92 $this->contextHandler->applyContextMapping($condition, $contexts);
94 catch (MissingValueContextException $e) {
95 $missing_value = TRUE;
97 catch (ContextException $e) {
98 $missing_context = TRUE;
101 $conditions[$condition_id] = $condition;
104 if ($missing_context) {
105 // If any context is missing then we might be missing cacheable
106 // metadata, and don't know based on what conditions the block is
107 // accessible or not. Make sure the result cannot be cached.
108 $access = AccessResult::forbidden()->setCacheMaxAge(0);
110 elseif ($missing_value) {
111 // The contexts exist but have no value. Deny access without
112 // disabling caching. For example the node type condition will have a
113 // missing context on any non-node route like the frontpage.
114 $access = AccessResult::forbidden();
116 elseif ($this->resolveConditions($conditions, 'and') !== FALSE) {
117 // Delegate to the plugin.
118 $block_plugin = $entity->getPlugin();
120 if ($block_plugin instanceof ContextAwarePluginInterface) {
121 $contexts = $this->contextRepository->getRuntimeContexts(array_values($block_plugin->getContextMapping()));
122 $this->contextHandler->applyContextMapping($block_plugin, $contexts);
124 $access = $block_plugin->access($account, TRUE);
126 catch (MissingValueContextException $e) {
127 // The contexts exist but have no value. Deny access without
128 // disabling caching.
129 $access = AccessResult::forbidden();
131 catch (ContextException $e) {
132 // If any context is missing then we might be missing cacheable
133 // metadata, and don't know based on what conditions the block is
134 // accessible or not. Make sure the result cannot be cached.
135 $access = AccessResult::forbidden()->setCacheMaxAge(0);
139 $access = AccessResult::forbidden();
142 $this->mergeCacheabilityFromConditions($access, $conditions);
144 // Ensure that access is evaluated again when the block changes.
145 return $access->addCacheableDependency($entity);
150 * Merges cacheable metadata from conditions onto the access result object.
152 * @param \Drupal\Core\Access\AccessResult $access
153 * The access result object.
154 * @param \Drupal\Core\Condition\ConditionInterface[] $conditions
155 * List of visibility conditions.
157 protected function mergeCacheabilityFromConditions(AccessResult $access, array $conditions) {
158 foreach ($conditions as $condition) {
159 if ($condition instanceof CacheableDependencyInterface) {
160 $access->addCacheTags($condition->getCacheTags());
161 $access->addCacheContexts($condition->getCacheContexts());
162 $access->setCacheMaxAge(Cache::mergeMaxAges($access->getCacheMaxAge(), $condition->getCacheMaxAge()));